Beginner’s Guide to Setup an SSL Certificate in XAMPP
Installing an SSL certificate on XAMPP allows you to access your local development environment over HTTPS. This is useful for testing SSL-enabled features before deploying to production.
Key Takeaways
- XAMPP makes it easy to install SSL certificates for local development and testing.
- You need to create a self-signed certificate or get one from a certificate authority like Let’s Encrypt.
- After installing the certificate, configure Apache and phpMyAdmin in XAMPP to use HTTPS.
- Test that your local sites work over HTTPS and check for any issues before deploying live.
- Using a valid SSL certificate ensures you don’t get browser warnings for an untrusted cert.
Prerequisites Before Installing an SSL Certificate on XAMPP
Before installing an SSL certificate, make sure you have:
- XAMPP is installed and running on your local machine. The latest version is recommended.
- Administrator access to configure XAMPP and its components.
- Basic knowledge of SSL/TLS certificates and how HTTPS works.
- Control Panel access to your live hosting if copying an existing SSL cert.
5 Easy Steps to Install SSL Certificate on XAMPP
Follow below steps, and you’ll have SSL/TLS encryption up and running on XAMPP.
- Generate or Get an SSL Certificate
- Configure Apache to Use HTTPS
- Configure phpMyAdmin for HTTPS
- Testing the HTTPS Setup
- Renewing Expired Certificates
Step 1: Generate or Get an SSL Certificate
You first need to acquire an SSL certificate file to install on XAMPP. There are two options:
Create a Self-Signed Certificate
This quickly creates a free test certificate that browsers do not trust. It is useful for basic testing before getting a valid certificate.
- Open the XAMPP control panel and go to Apache > Config > SSL Certificate.
- Click the “Create Certificate” button.
- Fill in the required fields like country code, hostname, etc., and click Generate.
- The certificate and key files will be created in the same folder.
Get a Valid Certificate from a CA
For full HTTPS testing, get a browser-trusted certificate from a provider:
- Purchase a cert from a commercial CA like DigiCert, Comodo, etc. Costs money but is ideal for production sites.
- Request a free cert from Let’s Encrypt for your live domain. You can then export and install it on local XAMPP.
- Copy an existing live site SSL cert from your hosting control panel. Usually found in cPanel or Plesk.
Make sure the certificate file matches the hostname you use locally, e.g. localhost or testsite.local. The private key is also required.
Step 2: Configure Apache to Use HTTPS
With the certificate and key files ready, configure the Apache server in XAMPP to use them:
- Go to XAMPP Control Panel > Apache > Config > SSL Certificate.
- Under “Certificate file” and “Private key file,” browse and select the .crt and .key files you generated or obtained.
- Check the “SSL Protocol Support” to ensure modern TLS versions like 1.2 are enabled. Old SSLv3 is unsafe.
- Click Save to apply the changes.
- Next, open the httpd-ssl.conf file in the Apache config folder.
- Find the <VirtualHost _default_:443> section and edit the ServerName to your local domain, e.g., localhost.
- Make sure DocumentRoot points to your local site’s path, usually htdocs or www.
- Save the config file and restart the Apache service in XAMPP.
Apache is now configured for HTTPS. Time to set up phpMyAdmin and test it out.
Step 3: Configure phpMyAdmin for HTTPS
To access phpMyAdmin securely over HTTPS:
- Go to XAMPP Control Panel > Config > phpMyAdmin
- Under “SSL,” click the drop-down and select https://localhost/phpmyadmin
- Check the “Save” box and click Apply to save the changes.
Now, phpMyAdmin will redirect requests to HTTPS automatically.
Step 4: Testing the HTTPS Setup
With Apache and phpMyAdmin configured, verify that everything works properly over HTTPS:
- Open your browser and visit https://localhost – should see the site over HTTPS.
- Check for SSL certificate warnings or errors, especially with a self-signed cert.
- Try accessing phpMyAdmin at https://localhost/phpmyadmin – should load without warnings.
- Test core functionality like login, queries, file uploads, etc., to ensure no issues.
- Check the console for any mixed content warnings, especially for CSS, JS, and image assets.
- Try accessing the sites over HTTP – it should automatically redirect to HTTPS.
- Verify HTTPS works on other devices like mobile phones and tablets.
- Scan with SSL checking tools like SSL Labs to detect any misconfigurations.
Fix any issues before deploying the sites live with HTTPS. Local testing is key to avoiding problems down the line.
Step 5: Renewing Expired Certificates
For Let’s Encrypt and some other CAs, SSL certificates require periodic renewal, usually every 90 days.
When your local cert expires:
- Regenerate the cert following the same process initially. Most CAs allow automatic renewal.
- Replace the expired files with the new .crt and .key certificate files in the XAMPP config.
- Restart Apache for the changes to take effect.
Set a reminder to renew the certs before they expire to maintain uninterrupted HTTPS access.
Common Troubleshooting Tips
Here are some troubleshooting tips for common issues when installing SSL on XAMPP:
Certificate Warnings in Browser
If you see certificate errors or warnings, likely causes include:
- Use a self-signed certificate instead of a valid, trusted certificate.
- Certificate issued for wrong domain name than your local test domain.
- The old certificate expired – renew and replace with the latest files.
- Certificate not issued by a trusted certificate authority. Need to purchase from CA.
- The local browser cache needs to be cleared after adding the new certificate.
Website Not Loading Over HTTPS
If your site fails to load over HTTPS, try these fixes:
- Confirm httpd-ssl.conf has the correct hostname and document root configured.
- Check for port 443 conflicts from other programs.
- Ensure your HTTPS site URL is allowed in XAMPP firewall or antivirus rules.
- Try restarting Apache and clearing the browser cache.
Mixed Content Warnings
This means you have insecure HTTP content on an HTTPS page like images. To fix:
- Use relative paths like /images/img.jpg instead of absolute HTTP url.
- Update hard-coded HTTP urls to HTTPS in code.
- Set WordPress/CMS site and home urls to HTTPS.
- Check for any redirects stripping HTTPS, like from http:// to //
Apache Not Serving HTTPS
If Apache fails to start HTTPS, possible causes:
- Incorrect or missing certificate file path in config.
- The private key password needs to be added or corrected.
- Another program occupies Port 443. Check for conflicts.
- Invalid changes made to httpd-ssl.conf settings. Revert changes.
- Apache is not allowed through the local firewall. Add an exception for port 443.
- Apache SSL module not enabled. Run a2enmod ssl on Linux.
Final Thoughts
Installing an SSL certificate on XAMPP provides a simple way to test your websites over HTTPS locally before deploying to production. By following the steps to generate or obtain a trusted SSL certificate, configuring Apache and phpMyAdmin to use HTTPS, and troubleshooting any issues with mixed content or certificate warnings, you can set a full-featured local development environment with HTTPS.
Taking the time to install and test SSL certificates on XAMPP properly ensures your websites will be secure, trusted, and performant when you finally install them live. With a few configuration tweaks, anyone can install an SSL certificate on XAMPP and unlock the benefits of HTTPS for their local WordPress, Magento, or any other web development.
Frequently Asked Questions
How do I get an SSL certificate for local XAMPP development?
You can either create a self-signed certificate for basic testing or get a free SSL certificate from Let’s Encrypt for proper HTTPS testing. Other options are to purchase from a commercial CA or copy an existing certificate from your live site’s hosting control panel.
Does the local domain name matter for an SSL certificate on XAMPP?
Yes, the common name (CN) on the certificate must match your local development domain like localhost or testsite.local. If the names don’t match, you’ll see browser warnings for certificate domain mismatch.
Where do I install the SSL certificate files in XAMPP?
Go to XAMPP Control Panel > Apache > Config > SSL Certificate. Here, you can upload the .crt certificate file and .key private key file. You can also configure the SSL protocols to be enabled.
How do I enable HTTPS for phpMyAdmin in XAMPP?
In the XAMPP Control Panel, go to Config > phpMyAdmin. Under “SSL,” select https://localhost/phpmyadmin from the drop-down menu and click Apply. Now, phpMyAdmin will use HTTPS automatically.
How can I fix mixed content errors when testing HTTPS locally?
Use relative paths for resources like images, CSS, and JS instead of absolute HTTP urls. Also, update any hardcoded HTTP references in code to HTTPS. Enable WordPress/CMS HTTPS settings. Check for redirects stripping protocol.
Priya Mervana
Verified Web Security Experts
Priya Mervana is working at SSLInsights.com as a web security expert with over 10 years of experience writing about encryption, SSL certificates, and online privacy. She aims to make complex security topics easily understandable for everyday internet users.
